1. Field of the Invention
The present invention relates to a method of dispatching secret keys to security modules and user cards, in a data processing network.
This invention applies in particular to the introduction and implementation of a new service in an existing secure data processing network. It also enables the user of a card to memorize and process data, for access to a new or existing service in a network.
2. Description of the Prior Art
A network comprises a plurality of processing or data exchange units, such as one or more central processing units, one or more terminals being connected to each central processing unit and capable of communicating with user cards for providing a service. The services provided may, for example, be furnished by a banking organization, a mail marketing organization, and so forth. It is known that in a secure network, each processing unit or exchange unit itself includes a module, known as a security module, which generally includes a microprocessor connected to a monolithic memory. Each security module allows an authorizing organization to load at least one basic secret key into this module. From this basic key and with a suitable diversification algorithm, the security module can calculate at least one diversified key. This security module can in particular, with a suitable program, authenticate a diversified key as having been developed on the basis of a predetermined basic key.
The user card is also designed as a security module.
A security module of this type, as well as the method of diversification of a basic key and authentication of the diversified key obtained, are described in French Patent Application No. 86 10416, the subject matter of which is hereby incorporated by reference.
Any security module that belongs to a processing unit or data communication unit, or that constitutes a user card in a network, contains a diversified key when the network functions for a predetermined provision of service. It is known that the diversified and secret keys, which allow different modules of the network to communicate by assuring the aforementioned authentication, are recorded in the various security modules of the network by the manufacturer of these modules or by an authorizing organization, on heavily monitored premises, in order to prevent any defrauder from learning the basic keys and the diversified secret keys calculated from these basic keys.
Thus each security module has a separate secret diversified key of its own, which differs from the diversified secret keys assigned to the other security modules or to the card. These diversified keys permit each security module in the network (the card itself can be considered a security module) to verify that the diversified key recorded in a predetermined module does indeed correspond to the basic secret key which has permission to obtain this diversified secret key. This basic key is recorded in another security module, to which the predetermined module is connected. This authentication mechanism, or mechanism for certification of the diversified keys, is described in the aforementioned French Patent Application No. 86 10416.
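The diversification and authentication relationship described above, as an added illustration that is not taken from this document or from French Patent Application No. 86 10416. The algorithms are not given here, so HMAC-SHA256 stands in for the diversification algorithm and a challenge-response exchange stands in for the authentication step; the class names, identifiers and key values are constructed for the example.

```python
import hashlib
import hmac
import secrets


def diversify(basic_key: bytes, module_id: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unspecified diversification algorithm.
    return hmac.new(basic_key, b"diversify|" + module_id, hashlib.sha256).digest()


class Card:
    """Downstream module (e.g. a user card): stores only its own diversified key."""
    def __init__(self, module_id: bytes, diversified_key: bytes):
        self.module_id = module_id
        self._key = diversified_key

    def respond(self, challenge: bytes) -> bytes:
        # Prove possession of the diversified key without revealing it.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class SecurityModule:
    """Upstream module: stores the basic key, not a table of per-card keys."""
    def __init__(self, basic_key: bytes):
        self._basic_key = basic_key

    def authenticate(self, card: Card) -> bool:
        # Fresh random challenge so a recorded response cannot be replayed.
        challenge = secrets.token_bytes(16)
        # Recompute the key this card should hold from its claimed identifier.
        expected_key = diversify(self._basic_key, card.module_id)
        expected = hmac.new(expected_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, card.respond(challenge))


def demo() -> dict:
    basic = bytes(range(32))        # constructed basic key
    foreign = bytes([0xAA]) * 32    # constructed basic key of some other issuer
    module = SecurityModule(basic)
    return {
        "genuine": module.authenticate(Card(b"CARD-0001", diversify(basic, b"CARD-0001"))),
        # Key derived from a different basic key: rejected.
        "foreign_key": module.authenticate(Card(b"CARD-0002", diversify(foreign, b"CARD-0002"))),
        # Valid key of CARD-0001 presented under another identifier: rejected.
        "wrong_id": module.authenticate(Card(b"CARD-0003", diversify(basic, b"CARD-0001"))),
    }
```

Because each diversified key is bound to one module identifier, extracting the key from a single card does not reveal the basic key or the key of any other card.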
The use of a new service in a network, while it does necessitate using these basic secret keys and the diversified secret keys respectively obtained from them, together with the practical application of the aforementioned methods of authenticating the diversified keys, also necessitates introducing secret basic keys, called service-implementation keys, into the security modules of the network. These implementation keys are diversified only in the last security module of the network (for example, the user card), thus permitting this last module to gain access to the new service thus introduced in the network.
At the present time, to introduce a new service into an existing secure network it is necessary to send the security modules (including the user cards) of this network back to an authorizing organization under strict security, so that this organization can record the secret implementation keys (diversified in the user card) of this new service into these modules.
As a result, the introduction of a new service is disruptive and complicated, because the security modules of the network must be withdrawn in order to send them back to the authorizing organization and, after servicing, these modules must be restored or reintroduced in the network. These operations are time-consuming and make the network inoperative while they are being carried out; consequently, they are expensive. Moreover, they present the risk that one or more of the security modules temporarily withdrawn from the network will be lost or destroyed, or even misappropriated by a defrauder for illegal purposes.